MAL-2025-143739 Malicious code in iota-publish-farout-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5af19c1d6f08e7ef2fd2f4ffea93902babce362354f088e98f6484d66559a40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147002 Malicious code in quito-request-karma-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c90bb0614863aef8fa9c825f50394f601085ce72fe96a6c0d37ac4d097153fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147450 Malicious code in rimraf-izar-html-webpack-plugin-rigel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 969f0af5a2acd4f35bc9f6a12bfdee60b30945dd4a21464b014b22f579711f02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140930 Malicious code in commitizen-fetch-leda-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ad32909ada1383cfdbbe1faf4ff59ab81ad25641643f4c43649a502a9ae0e97 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143358 Malicious code in html-webpack-plugin-csrf-link-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 922ca18a44731d301d1740519b17256d39a472601f460a03933bf194565d2642 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145108 Malicious code in module-lint-rehype-optimize-css-assets-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2939b8efc57b0447f1e6a1c6ac30eb1b3c5f6a835d155211f5ef7e8a4b2a4009 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143356 Malicious code in html-webpack-plugin-astro-blitz-procyon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dd60d4c15ba4743a5534b1eb8ea3d9e85b07a6b0c815b5ad417301435de30ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143370 Malicious code in html-webpack-plugin-rigel-heka-gemini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ccda5bca647ef2a6a8e7663d0c52c518824ee0fdb312fe1320b093bfdd154c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142533 Malicious code in flare-pm2-capella-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dffdfdbbb62103e9a6ef152943e0d49988b71a782d7479fba5ae5c2294b2f0f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140935 Malicious code in commitizen-less-loader-mysql-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1b0ecbb57fc6d6f24d993aca7226c40313a8afa4b924e0eff9c1058e3b64581 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149507 Malicious code in winston-magellan-miranda-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71ee01189845db7aa342e79e837373263b111cf89d61884466e815592205e5d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147560 Malicious code in sadr-envconfig-auth0-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00f7faf91afa0b899372f0025c962cd94361782828e6bb8cefd809cd004e8713 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141602 Malicious code in despina-octans-metalsmith-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9384bbb9fc0aa0e1f16a71cc9464392c53182e411ef298e21246033a29d53347 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141770 Malicious code in dotenv-safe-postcss-loader-taurus-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 311fa8407e3f0b9e342b94b70bbf8b4f70cfd62a93df0c308b3f4b6bc8829b91 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149402 Malicious code in webpack-perseus-version-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a0bd145a99ea5128f5d6470882e3e2efddd123e1742a090cbad1d83b53255df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149408 Malicious code in webpack-supervisor-dotenv-vega (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2714d08ed8aff240d888fd65a138d36e56492e01ad10970dd01de5664bd97de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145874 Malicious code in optimize-css-assets-webpack-plugin-yildun-hugo-nova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d40cca4431ebe10a20e76cb02d720527955bc8358a7289cd5744c41ee9d29c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146635 Malicious code in promise-cressida-link-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55087f73e61906bf5e0de5f431ab2561dc61d4dc847696b9b09fb2b7b812ef23 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144700 Malicious code in markdown-pdf-optimize-css-assets-webpack-plugin-ursa-envconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deb6fa6a40691312a14cdb3ec297911446378ff71f510e643208327979aae313 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148544 Malicious code in terser-webpack-plugin-child-process-bunyan-rollup-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4839b0d11bd49cc80454d892a0010eb13cfbad005fb5bf93717d6f499ff2dd7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...